This Kubernetes pod deployment can serve as an init container to retrieve a secret from a Bitwarden vault and share it with the main container(s) through a file. You can mount this file into the main container(s).

To use this, create a Kubernetes secret with the credentials for your Bitwarden/Vaultwarden instance. For instance, I am utilizing sealedsecret to encrypt passwords and other secrets

kind: SealedSecret apiVersion: bitnami.com/v1alpha1 metadata: name: bitwarden-cli-env-secrets namespace: tools lables: app.kubernetes.io/name: bitwarden-cli app.kubernetes.io/component: cli app.kubernetes.io/instance: production app.kubernetes.io/part-of: vaultwarden spec: encryptedData: BW_CLIENTID: "Your bitwarden client ID" BW_CLIENTSECRET: "Your bitwarden client secret" BW_PASSWORD: "Your bitwarden password" template: metadata: labels: app: bitwarden-cli name: bitwarden-cli-env-secrets namespace: tools type: Opaque

It pulls, by default, a 'username,' 'password,' and 'TOTP' and saves them in a file at this location: /tmp/.retrieved.env. Use the command eval $(cat /tmp/.retrieved.env) to make the variables available as OS environment variables inside the container(s)."

cat <<EOF >/tmp/.retrieved.env RETRIEVED_USERNAME="${USERNAME}" RETRIEVED_PASSWORD="${PASSWORD}" RETRIEVED_TOTP="${TOTP}" EOF